Transcript
PA-5200 SERIES
Palo Alto Networks® PA-5200 Series of next-generation firewall appliances is c omprised of the PA-5260, the PA-5250 and the P A-5220, which target high-speed data c enter, internet gateway, and service provider deployments. The PA-5200 Series delivers up to 72 Gbps of throughput using dedicated processing and memory for the key functional areas of networking, security, threat prevention and management. Key Security Features: Classifies all applications, on all ports, all the time • Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed • Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping • Categorizes unidentified applications for policy control, threat forensics or App-ID™ application identification technology development Enforces security policies for any user, at any location • Deploys consistent policies to local and remote users running on the Windows®; Apple® Mac® OS X®, macOS™ and iOS; Linux®; and Android™ platforms • Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix® • Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information Prevents known and unknown threats • Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed • Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing • Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection
Palo Alto Networks | PA-5200 Series | Datasheet
PA-5260
PA-5250
PA-5220
The controlling element of the PA-5200 Series is PAN-OS, security operating system, which that natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content and user – in other words, the elements that run your business – are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time. Performance and Capacities1
PA-5260
PA-5250
PA-5220
Firewall throughput (App-ID enabled)
72.2 Gbps
35.9 Gbps
18.5 Gbps
Threat prevention throughput3
30 Gbps
20.3 Gbps
9.2 Gbps
IPsec VPN throughput
21 Gbps
14 Gbps
5 Gbps
Max sessions
32,000,000
8,000,000
4,000,000
New sessions per second4
458,000
348,000
169,000
Virtual systems (base/max5)
25/225
25/125
10/20
2
1 Performance and capacities are measured under ideal testing conditions. 2 Firewall throughput measured with App-ID and User-ID features enabled utilizing 64K HTTP transactions 3 Threat prevention throughput measured with App-ID, User-ID, IPS, A ntiVirus and Anti-Spyware features enabled utilizing 64K HTTP transactions 4. New sessions per second is measured with 4K HTTP transactions 5. Adding virtual systems base quantity requires a separately purchased license
1
Networking Features
Hardware Specifications
Interface Modes
I/O
• L2, L3, Tap, Virtual wire (transparent mode)
PA-5260 | PA-5250 - (4) 100/1000/10G Cu, (16) Gig/10Gig SFP/SFP+, (4) 40G/100G QSFP28 PA-5220 – (4)100/1000/10G Cu, (16) Gig/10Gig SFP/SFP+, (4) 40G QSFP+
• Point-to-point protocol over Ethernet (PPPoE) and DHCP supported for dynamic address assignment
Routing
Management I/O
• Policy-based forwarding
PA-5260 | PA-5250 - (2) 10/100/1000, (1) 40G/100G QSFP28 HA, (1) 10/100/1000 out-of-band management, (1) RJ45 console port PA-5220 - (2) 10/100/1000, (1) 40G QSFP+ HA, (1) 10/100/1000 out-of-band management, (1) RJ45 console port
• Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
Storage Options
• Bidirectional Forwarding Detection (BFD)
Dual Solid State Disk Drives
IPv6
Storage Capacity
• L2, L3, Tap, Virtual Wire (transparent mode)
240GB SSD, RAID1, System Storage 2TB HDD, RAID1, Log Storage
• OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, Static routing
• Features: App-ID™, User-ID™, Content-ID™, WildFire™, and SSL decryption
Power (Max Power Consumption)
• SLAAC
870 Watts
IPsec VPN
Max BTU/hr
• Key exchange: Manual key, IKE v1 and IKEv2 (pre-shared key, certificate-based authentication)
2,970
• Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
1:1 Fully Redundant (2/2)
• Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
AC Input Voltage (input Hz)
• GlobalProtect™ large-scale VPN (LSVPN) for simplified configuration and management
VLANs • 802.1q VLAN tags per device/per interface: 4,094/4,094 • Aggregate interfaces (802.3ad), LACP
Power Supplies (base/max)
100‐240VAC (50‐60Hz)
AC Power Supply Output 1200 Watt/power supply
Max Current AC power supplies — 6.5A@100‐240VAC DC power supplies — 19A@‐40 to ‐60VDC
Network Address Translation (NAT) • NAT modes (IPv4): static IP, dynamic IP, dynamic IP and port (port address translation) • NAT64, NPTv6 • Additional NAT features: Dynamic IP reservation, tunable dynamic IP and port oversubscription
Max Inrush Current AC power supplies — 50A@230VAC, 50A@120VAC DC power supplies — 200A@72VDC
Mean Time Between Failure (MTBF) 9.23 Years
High Availability
Rack Mount (Dimensions)
Modes: Active/Active, Active/Passive
3U, 19” Standard Rack 5.25”H X 20.5”D X 17.25”W (13.33cm X 52.07cm X 43.81cm)
Failure detection: Path monitoring, interface monitoring
Weight 46lbs (20.87Kg) System only, 62lbs (28.13Kg) as shipped
Safety
To view additional information about the features and associated capacities of the PA-5200 Series, please visit www.paloaltonetworks.com/products.
cCSAus, CB IEC60950-1
EMI FCC Class A, CE Class A, VCCI Class A
Certifications See https://www.paloaltonetworks.com/company/certifications.html
Environment Operating Temperature: 32°F to 122°F (0° to 50°C) Non-Operating Temperature: ‐20° to 70°C (‐4°F to 158°F)
4401 Great America Parkway Santa Clara, CA 95054 Main: +1.408.753.4000 Sales: +1.866.320.4788 Support: +1.866.898.9087 www.paloaltonetworks.com
© 2017 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at http://www.paloaltonetworks.com/ company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. pa-5200-series-ds-020817
